While other MediaPost newsletters and articles remain free to all ... our new Research Intelligencer service is reserved for paid subscribers ...

Subscribe today to gain access to every Research Intelligencer article we publish as well as the exclusive daily newsletter, full access to The MediaPost Cases, first-look research and daily insights from Joe Mandese, Editor in Chief.

Zoom Hit With Privacy Lawsuit Over Disclosures To Facebook

Video conferencing platform Zoom was hit with a class-action
complaint alleging it wrongly discloses information about users to Facebook and other outside companies.

Zoom's “wholly inadequate program design and security measures have resulted, and
will continue to result, in unauthorized disclosure of its users’ personal information to third parties,” California resident Robert Cullen alleges in a class-action complaint filed Monday
in U.S. District Court for the Northern District of California.

The complaint comes several days after the publication Motherboard reported that Zoom's iOS app was sending some data to Facebook.

On Friday, Zoom updated its app to stop the data transfers, and said it was taking steps "to ensure this does not happen again.".

The company -- which has recently seen a
surge in popularity due to the COVID-19 pandemic -- said in a blog post it had intended to enable users
to login with their Facebook accounts, and only recently learned that Facebook was collecting unnecessary information.

"We were made aware on Wednesday, March 25, 2020, that the Facebook SDK
was collecting device information unnecessary for us to provide our services," Zoom wrote. "The information collected by the Facebook SDK did not include information and activities related to meetings
such as attendees, names, notes, etc., but rather included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size,
processor cores, and disk space."

“Assuming this updated version works as described by Zoom, the harm to
plaintiff and the class members has been done and continues,” the lawsuit alleges. “Zoom appears to have taken no action to block any of the prior versions of the Zoom App from operating.
Thus, unless users affirmatively update their Zoom App, they likely will continue to unknowingly send unauthorized personal information to Facebook, and perhaps other third parties.”

Cullen claims Zoom violated California's consumer protection laws, including the new Consumer Privacy Act. That measure is largely known for privacy provisions that allow consumers to learn what
personal information about them is held by businesses, request deletion of that information, and to opt out of its sale.

But the law, which went into effect on January 1, also includes data
security provisions, including ones that authorize private lawsuits over data breaches caused by lax security.

The complaint alleges that Zoom failed to use reasonable security to prevent data
disclosures. The company “knew or should have known that the Zoom App security practices were inadequate to safeguard the class members’ personal information and that the risk of
unauthorized disclosure to at least Facebook was highly likely,” the lawsuit alleges.

Separately from the lawsuit, New York state is also investigating Zooom, according to The New York Times. On Monday, New York’s attorney general sent Zoom a letter asking
about security, the Times reports.